New Adobe Reader, Acrobat Security Flaw Under Attack

Adobe Reader and Acrobat are vulnerable to a new security flaw being exploited in the wild. The bug could allow system takeovers.

Adobe Systems is warning users about a new vulnerability being exploited in
the wild.
According
to Adobe, the vulnerability can be exploited to "cause a crash and potentially
allow an attacker to take control of the affected system." The bug exists
in Adobe Reader 9.3.4 and earlier for Windows, Macintosh and Unix systems. It
also exists in Adobe Acrobat versions 9.3.4 and earlier for Mac and
Windows.

Adobe did not provide technical details on the vulnerability. However,
an advisory by Secunia stated
that the issue is caused by "a boundary error within the font parsing in
CoolType.dll and can be exploited to cause a stack-based buffer overflow by ...
tricking a user into opening a specially crafted PDF file."

"Unfortunately, there are no mitigations we can offer," a
spokesperson told eWEEK in an e-mail. "However, Adobe is actively sharing
information about this vulnerability (and vulnerabilities in general) with
partners in the security community to enable them to quickly develop detection
and quarantine methods
to protect users until a patch is available. As always, Adobe recommends
that users follow security best practices by keeping their anti-malware
software and definitions up-to-date."
Secunia advised users not to open untrusted files.
Adobe officials did not offer a timeline for when a patch would be
available, but said the company would continue to provide users with
updated information.